Fluid Attacks Database

Description

Improper Verification of Cryptographic Signature in node-forge

Impact

RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used.

Patches

The issue has been addressed in node-forge 1.3.0.

References

For more information, please see "Bleichenbacher's RSA signature forgery based on implementation error" by Hal Finney.

For more information

If you have any questions or comments about this advisory:

Open an issue in forge

Email us at example email address

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
npm	node-forge	>=0 <1.3.0	1.3.0
npm	forge	>=0 <1.3.0	2.1.0
debian 11	node-node-forge	=0.10.0~dfsg-3 \|\| >=0 <0.10.0~dfsg-3+deb11u1	0.10.0~dfsg-3+deb11u1
rpm rhel8	pcs	-	-

Aliases

1. CVE-2022-247712. NVD-2022-247713. OSV-2022-247714. OSV-DEBIAN-2022-247715. GHSA-cfm4-qjh2-47656. GCVE-2022-247717. GHSA-cfm4-qjh2-47658. SECURITY-TRACKER-CVE-2022-24771

References

1. https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-47652. https://github.com/digitalbazaar/forge/commit/3f0b49a0573ef1bb7af7f5673c0cfebf00424df13. https://github.com/digitalbazaar/forge/commit/bb822c02df0b61211836472e29b9790cc541cdb2